privateloader | 2024-05-04_ffc509e3271055eb48998822eb4c80cc_bkransomware_magniber | Triage

Sharing

General

Target

2024-05-04_ffc509e3271055eb48998822eb4c80cc_bkransomware_magniber
Size

20.9MB
MD5

ffc509e3271055eb48998822eb4c80cc
SHA1

c77ef67b7a67ad2940476a165fd10ba16a736d75
SHA256

baedf707f3f4c1d8272c8484c969c9e3e4d96e81af9331ff7e2048647ba07bc1
SHA512

322cb593a408d1092fcdbb8546fb7549258db3428554b1c5c1e9784d2f78100b752d6a32feb382ef090d561f700058bb42753ce8ce18debe6b2b82a520dc4cca
SSDEEP

393216:bDjB+WUWPWYU00TE0Cv/W5DjB+WUWPWYUV5IMlP:fjBrUWPWYU00TJCvCjBrUWPWYUV5IMN

Score

10^/10

privateloader

Malware Config

Signatures

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Enigma

Detects packed executables observed in Molerats 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Loader

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_ffc509e3271055eb48998822eb4c80cc_bkransomware_magniber

Files

2024-05-04_ffc509e3271055eb48998822eb4c80cc_bkransomware_magniber
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\working\GOMDev\GomAudio\bin\GOMAU_Global.pdb

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_G
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 16.0MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE